github.com/gophish/gophish@v0.12.2-0.20230915144530-8e7929441393/models/user.go (about)

     1  package models
     2  
     3  import (
     4  	"errors"
     5  	"time"
     6  
     7  	log "github.com/gophish/gophish/logger"
     8  )
     9  
    10  // ErrModifyingOnlyAdmin occurs when there is an attempt to modify the only
    11  // user account with the Admin role in such a way that there will be no user
    12  // accounts left in Gophish with that role.
    13  var ErrModifyingOnlyAdmin = errors.New("Cannot remove the only administrator")
    14  
    15  // User represents the user model for gophish.
    16  type User struct {
    17  	Id                     int64     `json:"id"`
    18  	Username               string    `json:"username" sql:"not null;unique"`
    19  	Hash                   string    `json:"-"`
    20  	ApiKey                 string    `json:"api_key" sql:"not null;unique"`
    21  	Role                   Role      `json:"role" gorm:"association_autoupdate:false;association_autocreate:false"`
    22  	RoleID                 int64     `json:"-"`
    23  	PasswordChangeRequired bool      `json:"password_change_required"`
    24  	AccountLocked          bool      `json:"account_locked"`
    25  	LastLogin              time.Time `json:"last_login"`
    26  }
    27  
    28  // GetUser returns the user that the given id corresponds to. If no user is found, an
    29  // error is thrown.
    30  func GetUser(id int64) (User, error) {
    31  	u := User{}
    32  	err := db.Preload("Role").Where("id=?", id).First(&u).Error
    33  	return u, err
    34  }
    35  
    36  // GetUsers returns the users registered in Gophish
    37  func GetUsers() ([]User, error) {
    38  	us := []User{}
    39  	err := db.Preload("Role").Find(&us).Error
    40  	return us, err
    41  }
    42  
    43  // GetUserByAPIKey returns the user that the given API Key corresponds to. If no user is found, an
    44  // error is thrown.
    45  func GetUserByAPIKey(key string) (User, error) {
    46  	u := User{}
    47  	err := db.Preload("Role").Where("api_key = ?", key).First(&u).Error
    48  	return u, err
    49  }
    50  
    51  // GetUserByUsername returns the user that the given username corresponds to. If no user is found, an
    52  // error is thrown.
    53  func GetUserByUsername(username string) (User, error) {
    54  	u := User{}
    55  	err := db.Preload("Role").Where("username = ?", username).First(&u).Error
    56  	return u, err
    57  }
    58  
    59  // PutUser updates the given user
    60  func PutUser(u *User) error {
    61  	err := db.Save(u).Error
    62  	return err
    63  }
    64  
    65  // EnsureEnoughAdmins ensures that there is more than one user account in
    66  // Gophish with the Admin role. This function is meant to be called before
    67  // modifying a user account with the Admin role in a non-revokable way.
    68  func EnsureEnoughAdmins() error {
    69  	role, err := GetRoleBySlug(RoleAdmin)
    70  	if err != nil {
    71  		return err
    72  	}
    73  	var adminCount int
    74  	err = db.Model(&User{}).Where("role_id=?", role.ID).Count(&adminCount).Error
    75  	if err != nil {
    76  		return err
    77  	}
    78  	if adminCount == 1 {
    79  		return ErrModifyingOnlyAdmin
    80  	}
    81  	return nil
    82  }
    83  
    84  // DeleteUser deletes the given user. To ensure that there is always at least
    85  // one user account with the Admin role, this function will refuse to delete
    86  // the last Admin.
    87  func DeleteUser(id int64) error {
    88  	existing, err := GetUser(id)
    89  	if err != nil {
    90  		return err
    91  	}
    92  	// If the user is an admin, we need to verify that it's not the last one.
    93  	if existing.Role.Slug == RoleAdmin {
    94  		err = EnsureEnoughAdmins()
    95  		if err != nil {
    96  			return err
    97  		}
    98  	}
    99  	campaigns, err := GetCampaigns(id)
   100  	if err != nil {
   101  		return err
   102  	}
   103  	// Delete the campaigns
   104  	log.Infof("Deleting campaigns for user ID %d", id)
   105  	for _, campaign := range campaigns {
   106  		err = DeleteCampaign(campaign.Id)
   107  		if err != nil {
   108  			return err
   109  		}
   110  	}
   111  	log.Infof("Deleting pages for user ID %d", id)
   112  	// Delete the landing pages
   113  	pages, err := GetPages(id)
   114  	if err != nil {
   115  		return err
   116  	}
   117  	for _, page := range pages {
   118  		err = DeletePage(page.Id, id)
   119  		if err != nil {
   120  			return err
   121  		}
   122  	}
   123  	// Delete the templates
   124  	log.Infof("Deleting templates for user ID %d", id)
   125  	templates, err := GetTemplates(id)
   126  	if err != nil {
   127  		return err
   128  	}
   129  	for _, template := range templates {
   130  		err = DeleteTemplate(template.Id, id)
   131  		if err != nil {
   132  			return err
   133  		}
   134  	}
   135  	// Delete the groups
   136  	log.Infof("Deleting groups for user ID %d", id)
   137  	groups, err := GetGroups(id)
   138  	if err != nil {
   139  		return err
   140  	}
   141  	for _, group := range groups {
   142  		err = DeleteGroup(&group)
   143  		if err != nil {
   144  			return err
   145  		}
   146  	}
   147  	// Delete the sending profiles
   148  	log.Infof("Deleting sending profiles for user ID %d", id)
   149  	profiles, err := GetSMTPs(id)
   150  	if err != nil {
   151  		return err
   152  	}
   153  	for _, profile := range profiles {
   154  		err = DeleteSMTP(profile.Id, id)
   155  		if err != nil {
   156  			return err
   157  		}
   158  	}
   159  	// Finally, delete the user
   160  	err = db.Where("id=?", id).Delete(&User{}).Error
   161  	return err
   162  }